Challenge 3: Password Hash Analysis
Crack weak MD5 password hashes to understand security risks.
Data Breach Alert: A database dump has been discovered containing MD5 password hashes. Your task is to crack these hashes to assess password security and identify weak credentials.
Leaked Password Database
| Username | MD5 Hash | Cracked Password |
|---|---|---|
| admin | 5f4dcc3b5aa765d61d8327deb882cf99 | |
| jdoe | e10adc3949ba59abbe56e057f20f883e | |
| ssmith | 25f9e794323b453885f5181f1b624d0b | |
| mjohnson | d8578edf8458ce06fbc5bb76a58c5ca4 | |
| testuser | 5ebe2294ecd0e0f08eab7690d2a6ee69 | |
Cracking Methods
Dictionary Attack
Try common passwords from a wordlist (password, 123456, admin, etc.)
Brute Force
Try every possible combination (time-consuming but guaranteed)
Rainbow Tables
Pre-computed hashes for quick lookups
Hints
- These are very common, weak passwords
- Try simple words and number sequences
- Think about the most commonly used passwords
- You can use online MD5 hash lookup tools
- Or try `echo -n "password" | md5sum` in Linux
Why MD5 is Insecure
Problems with MD5:
- Fast to compute (billions per second)
- No salt = rainbow tables work
- Collision vulnerabilities
- Not designed for passwords
Modern Alternatives:
- bcrypt: Slow, adaptive, salted
- Argon2: Memory-hard, modern
- PBKDF2: Key derivation function
- scrypt: Memory-intensive
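The contrast between the two lists above, as an added example that is not part of the original challenge: unsalted MD5 gives every user with the same password the same digest, while a salted PBKDF2 record differs per user and carries its own cost parameter. The function names, the record format and the iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; tune for your hardware

def md5_hex(password: str) -> str:
    """Unsalted MD5: same password always yields the same 32-hex digest."""
    return hashlib.md5(password.encode()).hexdigest()

def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return 'pbkdf2_sha256$iterations$salt$digest' with a fresh random salt."""
    salt = os.urandom(16)  # unique per record, stored beside the digest
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"

def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and cost; compare in constant time."""
    try:
        algo, iters, salt_hex, digest_hex = record.split("$")
        if algo != "pbkdf2_sha256":
            return False
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
        return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))
    except (ValueError, OverflowError):
        return False  # malformed or tampered record

def is_legacy_md5(stored: str) -> bool:
    """A bare 32-hex-digit value is an unsalted MD5 that should be migrated."""
    return len(stored) == 32 and all(c in "0123456789abcdef" for c in stored.lower())

if __name__ == "__main__":
    pw = "constructed-sample-passphrase"  # constructed sample input
    print("md5    :", md5_hex(pw), "==", md5_hex(pw))
    a, b = hash_password(pw), hash_password(pw)
    print("pbkdf2 :", a != b, verify_password(pw, a), verify_password("wrong", a))
    print("legacy?:", is_legacy_md5(md5_hex(pw)), is_legacy_md5(a))
```

Storing the algorithm name and iteration count inside each record lets the work factor be raised later without invalidating existing hashes.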